A New-to-Me Cold-Call Computer Security Scam

I just received a call from an unknown (foreign-accented -- maybe S. Asian) caller who knew my first name (albeit garbled), so I decided on a whim (it's a slow day) to see what I could learn about a new-to-me scam. I know that all calls that begin "I am calling you to tell you your computer virus/antivirus programs have alerted us to a problem" are scams. However, this one was a little different, so I decided to play along for a while. He didn't claim to be from Microsoft, but some generic-sounding computer security center.

He asked me to type "assoc" in a CMD window, then look for a line that had a long, unique-looking string.
I found a line that contained the complete string he asked for:
.zfsendtotarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}

At this point I terminated the call, but it made me wonder, how did he know this number belonged to my computer and how did he get my telephone number (although I am not that hard to find on White Pages, Google, etc.)? I was not worried that he could get access to my computer because I did not let him install any remote control programs, such as LetMeIn or AMMYY.

The answer is not surprising: a little research shows that my name/phone number are, in fact, easily found in various online directories. Given the popularity of Windows, he had a good chance of guessing I was running some version of Windows. Apparently all computers running Windows will have the same CLSID number. So what appeared to be a legitimate call turns out to be as bogus as any other cold-call computer scam.

Last edited by cosmlou; 2016-05-05 at 15:11.
Reason: to correct slight error

That 'number' is common across Windows systems. You can enter assoc into a CMD dialog on any Windows 7 or Windows 10 device and the same CLSID will appear. (I haven't checked in Windows 8.x)

So, the answer to your question "how did he know this number belonged to my computer" is 'cos it's on all Windows devices from Windows XP onwards.

If you Google 'zfsendtotarget clsid trick' then you'll see how prevalent this scam is... and all of the results show the same 'unique' CLSID. The actual CLSID just means the .zfsendtotarget file extension, same as the .zip file extension refers to a compressed folder.

Hope this helps...

Looks like a list of filename extensions and installed programs associated. If you want to keep a record, type assoc>C:\assoc.txt and then you can read it at leisure. It will be in the root of the C: drive.
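An added example, not part of any post in this thread: a check over saved `assoc` dumps showing that the string the caller reads out is an ordinary file association present on every machine. The two dumps are constructed samples (only the .zfsendtotarget line comes from the thread), and the function names are hypothetical.

```python
import re

# Constructed sample `assoc` dumps from two unrelated Windows machines,
# as saved with `assoc>C:\assoc.txt`. Only the .zfsendtotarget line is
# taken from the thread; the other entries are illustrative.
MACHINE_A = r"""
.txt=txtfile
.zip=CompressedFolder
.zfsendtotarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
.psd=Photoshop.Image
"""
MACHINE_B = r"""
.TXT=txtfile
.zip=CompressedFolder
.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
.odt=LibreOffice.WriterDocument.1
"""

CLSID_RE = re.compile(r"CLSID\\\{([0-9A-Fa-f-]{36})\}")

def parse_assoc(text):
    """Map lower-cased extension -> file type from `assoc` output."""
    table = {}
    for line in text.splitlines():
        ext, sep, ftype = line.strip().partition("=")
        if sep and ext.startswith("."):
            table[ext.lower()] = ftype
    return table

def shared_entries(*dumps):
    """Associations identical on every machine: they identify nothing."""
    tables = [parse_assoc(d) for d in dumps]
    common = set(tables[0].items())
    for t in tables[1:]:
        common &= set(t.items())
    return dict(common)

def is_shared_clsid(claimed_id, *dumps):
    """True if the 'ID' a caller reads out is a CLSID found on all machines."""
    claimed = claimed_id.strip("{}").upper()
    for ftype in shared_entries(*dumps).values():
        m = CLSID_RE.search(ftype)
        if m and m.group(1).upper() == claimed:
            return True
    return False
```
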

Two years ago, I fell victim to the “There is a problem with your computer that is causing serious problems on the Internet…” scam.

The other day, I got a phone call from someone claiming the same sort of problem with my computer. He made it sound like my computer problem just might be causing problems for others besides myself.

The outcome was quite different this time than it was in 2000.

I am a retired computer tech. I have been out of the industry since 2000. However I have a Toshiba laptop that I use at home.

Back in 2000, I got a friendly call from a “helpful” gentleman from Nepal. He claimed that he was a Microsoft engineer who monitors the Internet for serious security problems. He offered to show me the problems if I would allow him to take control of my computer.

I was suspicious of the situation but he assured me that he would stay on the phone with me and point out the problems. Then it would be my decision as to what I wanted to do about it.

He said the “threat” was so serious that he would disinfect my computer for free. Then maybe I would purchase the required anti-virus software to keep it from happening again.

I agreed to allow him to take remote control of my laptop and show me the infected files, etc.

When I was working as a tech, way back when, I didn’t have any such utilities to troubleshoot and fix any computer remotely. I had to try and visualize what the user on the other end of the phone was seeing and tell him/her what to do…and hope that they did it right…So, I thought this was pretty slick!

The tech worked for Microsoft so I thought it was alright.

He took control and showed me log files with red triangles with ! in the middle and highlighted filenames that were obviously corrupted or were disguised viruses. There were a lot of them.

I had no idea that any of this was going on with my computer. I was using McAfee which had not alerted me to any of this.

When he was done, he showed me cleaned log files, etc. and asked me if I wanted to purchase “something better than McAfee” that would keep my computer secure in the future.

I told him that I would take care of getting better protection on my own. He said that it was up to me. Then we hung up.

I continued to work with my computer and noticed no problem.

When I turned my computer on the next morning, I couldn’t get in to my computer. My password wouldn’t work! That was when I knew what had really happened.

Luckily, I didn’t have anything important on my computer except for Microsoft Office and some other apps. It would be a pain to reinstall everything but I had no data that was important.

I wasn’t even able to access my daily backups on my external hard drive.

I reformatted my hard drive and the external backup drive. Then I reinstalled Windows 8.1 Pro and set about reinstalling my other software.

After everything was back running again, I called Microsoft Tech. Support to let them know what had happened to me. I wanted to alert them to the fact that someone was posing as being from Microsoft.

I actually got rather annoyed at Microsoft because the low level person I talked to initially didn’t seem willing to escalate the call. I finally insisted that I speak to someone in Microsoft Security.

I was finally connected with someone in that department. Even then they didn’t seem as concerned about it as I was or thought they should be.

They just kept telling me that “Microsoft doesn’t call customers to alert them to problems on their computer…”

The man from Microsoft Security didn’t even seem to want the details or information that I had gotten from the call.

That was the last I ever heard from the call or Microsoft.

Now skipping forward to 2016…

Ever since I upgraded to Windows 10, I have been getting a popup notification that I need to provide Microsoft with my most recent “Microsoft Account Information” to verify my account and prove that I am that person… or some such nonsense.

I did call Microsoft to tell them what was going on. I was told that it “probably was a scam” and to ignore it.

A few days ago, I got a call from (590) 537-2962. It was the same old story… “You have a lot of files on your computer that are causing problems on the Internet…”

As I was writing this situation up to post it here, a friend stopped by for a minute. I told him about the call. It turned out that he has been getting the same calls. And when he called the number back he got the message that the phone number was no longer in service.

A last word about Microsoft’s policy of not calling customers back… I have never gotten a call back from anyone at Microsoft even when they said they would call me back! I have always had to call them back and give them a case number. So I guess I should have known better from the beginning!